Posted on: May 10, 2011
Delete Files Effectively
Posted by: Brett Bisbe
Read time (bolded) – 4 minutes
Read time (comprehensive) 7 minutes
When you delete something, you want it gone. Whether it’s documents cluttering up your desktop, archived information from a job you haven’t had in years, or all-too-painful photos of you and your former flame, when you send something to the trash (or recycle bin), the idea is to get rid of it. Permanently.
Data, however, doesn’t just go away that easily. It is, of course, for our own protection that files stay ready for restoration in trash cans and recycle bins, just in case we delete something accidentally and it needs to be recovered. Emptying these refuse receptacles, though, doesn’t even do the job. Somewhere buried in your hard drive, those files are still around, accessible to anyone with the skills to extract them.
Because supposedly deleted files can still be recovered, anyone getting rid of an old computer or hard drive faces a security risk. Any sensitive financial or personal information could potentially be recovered and used for malicious purposes.
A wide variety of these disk-wiping programs exist, offering different functions and methods of data erasure. The United States Computer Emergency Readiness Team (US-CERT) outlines several important steps for true erasure:
- Secure Erase – standard programming in most hard drives, executable by disk erasure programs like the ones mentioned above.
- Multiple Overwrites – new data to replace erased data, written as many as seven times over.
- Random Data – using randomized data in the overwriting process to further hide patterns.
- Final Layer of Zeros – added security from a final layer of all zeros.
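The overwrite steps in the list above (multiple passes, random data, a final layer of zeros) applied to a single file, as an added example that is not from the original post. The function names and sample data are constructed for illustration; the seven-pass default follows the figure in the list, and the drive-level Secure Erase step is not covered here.

```python
import os
import secrets
import tempfile

CHUNK = 1024 * 1024  # write in 1 MiB pieces so large files do not fill memory


def _write_pass(fd, size, make_chunk):
    """Overwrite the first `size` bytes behind fd, then force them to disk."""
    os.lseek(fd, 0, os.SEEK_SET)
    remaining = size
    while remaining > 0:
        # os.write returns how many bytes were actually written
        remaining -= os.write(fd, make_chunk(min(CHUNK, remaining)))
    os.fsync(fd)  # without this the pass may only reach the OS cache


def overwrite_and_delete(path, random_passes=7, remove=True):
    """Random-data passes, one final pass of zeros, then delete the file.
    Returns the total number of passes written."""
    size = os.path.getsize(path)
    fd = os.open(path, os.O_WRONLY | getattr(os, "O_BINARY", 0))
    try:
        for _ in range(random_passes):
            _write_pass(fd, size, secrets.token_bytes)  # random data
        _write_pass(fd, size, bytes)  # bytes(n) is n zero bytes
    finally:
        os.close(fd)
    if remove:
        os.remove(path)
    return random_passes + 1


def demo():
    """Constructed sample: wipe a temp file but keep it to inspect the result."""
    fd, path = tempfile.mkstemp()
    os.write(fd, b"acct=12345678;pin=0000\n" * 100)  # constructed sample data
    os.close(fd)
    size = os.path.getsize(path)
    passes = overwrite_and_delete(path, random_passes=7, remove=False)
    with open(path, "rb") as f:
        after = f.read()
    os.remove(path)
    return passes, size, after


if __name__ == "__main__":
    print(demo()[:2])
```

A file-level overwrite only reaches the original blocks when the filesystem writes in place. SSD wear levelling, journaling and copy-on-write filesystems can leave older copies behind, so whole-drive erasure remains the step to rely on when disposing of hardware.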
An additional precaution, if you are scrapping an entire computer, is to simply remove the hard drive after the secure erasure process. The drive can then be destroyed or discarded separately, further reducing the risk of it being recovered by someone with malicious intent.
We spend a great deal of effort protecting our data while it is in use with firewalls, encryption, password protection, and the like. This data is just as sensitive long after we’re done with it, and we need to act accordingly.